[Emerging-updates] Daily Ruleset Update Summary 3/21/2011

Matthew Jonkman jonkman at emergingthreatspro.com
Mon Mar 21 14:23:59 EST 2011


A lot of new rules and updates today, a new batch of insecure DLL sigs, as well as a significant update to the RBN list. Recommend updating soon!


[+++]          Added rules:          [+++]

 2012521 - ET CURRENT_EVENTS Generic Win32 Banker Trojan CheckIn (current_events.rules)
 2012522 - ET POLICY DNS Query For XXX Adult Site Top Level Domain (policy.rules)
 2012523 - ET CURRENT_EVENTS Executable Download From Russian Content-Language Website (current_events.rules)
 2012524 - ET CURRENT_EVENTS Executable Download From Chinese Content-Language Website (current_events.rules)
 2012525 - ET CURRENT_EVENTS Download of Microsft Office File From Russian Content-Language Website (current_events.rules)
 2012526 - ET CURRENT_EVENTS Download of Microsoft Office File From Chinese Content-Language Website (current_events.rules)
 2012527 - ET CURRENT_EVENTS Download of PDF File From Russian Content-Language Website (current_events.rules)
 2012528 - ET CURRENT_EVENTS Download of PDF File From Chinese Content-Language Website (current_events.rules)
 2012529 - ET CURRENT_EVENTS WindowsLive Imposter Site WindowsLive.png (current_events.rules)
 2012530 - ET CURRENT_EVENTS WindowsLive Imposter Site Landing Page (current_events.rules)
 2012531 - ET CURRENT_EVENTS WindowsLive Imposter Site blt .png (current_events.rules)
 2012532 - ET CURRENT_EVENTS WindowsLive Imposter Site Payload Download (current_events.rules)
 2012533 - ET TROJAN Win32/Virut.BN Checkin (trojan.rules)


And the ET Pro rules:

Insecure DLL Load Sigs:
 2801570 - ETPRO NETBIOS IBM Lotus Notes nnoteswc.dll Insecure Library Loading - SMB-DS ASCII (netbios.rules)
 2801571 - ETPRO NETBIOS IBM Lotus Notes nnoteswc.dll Insecure Library Loading - SMB-DS Unicode (netbios.rules)
 2801572 - ETPRO NETBIOS IBM Lotus Notes nnoteswc.dll Insecure Library Loading - SMB ASCII (netbios.rules)
 2801573 - ETPRO NETBIOS IBM Lotus Notes nnoteswc.dll Insecure Library Loading - SMB Unicode (netbios.rules)
 2801574 - ETPRO WEB_CLIENT IBM Lotus Notes nnoteswc.dll Insecure Library Loading - Set (web_client.rules)
 2801575 - ETPRO WEB_CLIENT IBM Lotus Notes nnoteswc.dll Insecure Library Loading (web_client.rules)
 2801576 - ETPRO NETBIOS IBM Lotus Notes nlsxbe.dll Insecure Library Loading - SMB-DS ASCII (netbios.rules)
 2801577 - ETPRO NETBIOS IBM Lotus Notes nlsxbe.dll Insecure Library Loading - SMB-DS Unicode (netbios.rules)
 2801578 - ETPRO NETBIOS IBM Lotus Notes nlsxbe.dll Insecure Library Loading - SMB ASCII (netbios.rules)
 2801579 - ETPRO NETBIOS IBM Lotus Notes nlsxbe.dll Insecure Library Loading - SMB Unicode (netbios.rules)
 2801580 - ETPRO WEB_CLIENT IBM Lotus Notes nlsxbe.dll Insecure Library Loading - Set (web_client.rules)
 2801581 - ETPRO WEB_CLIENT IBM Lotus Notes nlsxbe.dll Insecure Library Loading (web_client.rules)
 2801582 - ETPRO NETBIOS Multiple Load Library Vulns ibfs32.dll - SMB-DS ASCII (netbios.rules)
 2801583 - ETPRO NETBIOS Multiple Load Library Vulns ibfs32.dll - SMB-DS Unicode (netbios.rules)
 2801584 - ETPRO NETBIOS Multiple Load Library Vulns ibfs32.dll - SMB ASCII (netbios.rules)
 2801585 - ETPRO NETBIOS Multiple Load Library Vulns ibfs32.dll - SMB Unicode (netbios.rules)
 2801586 - ETPRO WEB_CLIENT Multiple Load Library Vulns ibfs32.dll - Set (web_client.rules)
 2801587 - ETPRO WEB_CLIENT Multiple Load Library Vulns ibfs32.dll (web_client.rules)
 2801588 - ETPRO NETBIOS Apple QuickTime PictureViewer CoreGraphics.dll Insecure Library Loading - SMB-DS ASCII (netbios.rules)
 2801589 - ETPRO NETBIOS Apple QuickTime PictureViewer CoreGraphics.dll Insecure Library Loading - SMB-DS Unicode (netbios.rules)
 2801590 - ETPRO NETBIOS Apple QuickTime PictureViewer CoreGraphics.dll Insecure Library Loading - SMB ASCII (netbios.rules)
 2801591 - ETPRO NETBIOS Apple QuickTime PictureViewer CoreGraphics.dll Insecure Library Loading - SMB Unicode (netbios.rules)
 2801592 - ETPRO WEB_CLIENT Apple QuickTime PictureViewer CoreGraphics.dll Insecure Library Loading - Set (web_client.rules)
 2801593 - ETPRO WEB_CLIENT Apple QuickTime PictureViewer CoreGraphics.dll Insecure Library Loading (web_client.rules)
 2801594 - ETPRO NETBIOS Adobe Dreamweaver mfc90loc.dll Insecure Library Loading - SMB-DS ASCII (netbios.rules)
 2801595 - ETPRO NETBIOS Adobe Dreamweaver mfc90loc.dll Insecure Library Loading - SMB-DS Unicode (netbios.rules)
 2801596 - ETPRO NETBIOS Adobe Dreamweaver mfc90loc.dll Insecure Library Loading - SMB ASCII (netbios.rules)
 2801597 - ETPRO NETBIOS Adobe Dreamweaver mfc90loc.dll Insecure Library Loading - SMB Unicode (netbios.rules)
 2801598 - ETPRO WEB_CLIENT Adobe Dreamweaver mfc90loc.dll Insecure Library Loading - Set (web_client.rules)
 2801599 - ETPRO WEB_CLIENT Adobe Dreamweaver mfc90loc.dll Insecure Library Loading (web_client.rules)
 2801600 - ETPRO NETBIOS Microsoft Windows Indeo Filter iacenc.dll Insecure Library Loading - SMB-DS ASCII (netbios.rules)
 2801601 - ETPRO NETBIOS Microsoft Windows Indeo Filter iacenc.dll Insecure Library Loading - SMB-DS Unicode (netbios.rules)
 2801602 - ETPRO NETBIOS Microsoft Windows Indeo Filter iacenc.dll Insecure Library Loading - SMB ASCII (netbios.rules)
 2801603 - ETPRO NETBIOS Microsoft Windows Indeo Filter iacenc.dll Insecure Library Loading - SMB Unicode (netbios.rules)
 2801604 - ETPRO WEB_CLIENT Microsoft Windows Indeo Filter iacenc.dll Insecure Library Loading - Set (web_client.rules)
 2801605 - ETPRO WEB_CLIENT Microsoft Windows Indeo Filter iacenc.dll Insecure Library Loading (web_client.rules)


And the usual updates, new trojans and a PostgreSQL issue.

 2801672 - ETPRO TROJAN FakeAV Spypro Checkin (trojan.rules)
 2801673 - ETPRO TROJAN Backdoor.Win32.Dtd.A Checkin (trojan.rules)
 2801674 - ETPRO TROJAN Trojan.Win32.Banker.bhhc Checkin (trojan.rules)
 2801675 - ETPRO TROJAN Backdoor.Win32.Prioxer.A Checkin (trojan.rules)
 2801676 - ETPRO TROJAN Trojan.Win32.PKXG.A Checkin (trojan.rules)
 2801677 - ETPRO TROJAN Trojan.Win32.Delftie.azqn Checkin (trojan.rules)
 2801678 - ETPRO TROJAN Backdoor.Win32.Nefkyt.A Checkin (trojan.rules)
 2801679 - ETPRO EXPLOIT EnterpriseDB PostgreSQL Plus Advanced Server DBA Management Server Authentication Bypass (exploit.rules)


[///]     Modified active rules:     [///]

 2008639 - ET TROJAN Tibs Trojan Downloader (trojan.rules)
 2010931 - ET WEB_CLIENT Possible IE iepeers.dll Use-after-free Code Execution Attempt (web_client.rules)
 2012503 - ET CURRENT_EVENTS Compressed Adobe Flash File Embedded in XLS FILE Caution - Could be Exploit (current_events.rules)

----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630 x110
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc
